BitDefender malware league table for May

Trojan downloaders predominate in BitDefender's list of top 10 malicious software threats for May

A pop-up-serving trojan designed to sidestep Norton's blocker code tops the BitDefender top ten list of current malware threats to personal computers. Indeed, the May list is dominated by trojans, most of them discovered in the last few months, with the notable exception of Zlob, a bit of malware which has been making the rounds for some time now.

In second place there's Trojan.Downloader.WMA.Wimad.N, which, despite the complicated-sounding name, actually serves a very simple function: to load another piece of malware. It does this by pretending to be a helper application that will download a 'codec' to play a 'special type' of WMA file. Once the user is tricked, it downloads and runs Adware.PlayMp3z.A, an application meant to take personal information from the client's computer and use it in marketing or suspicious practices. When executed, the adware even displays a pop-up with an EULA, in an attempt to convince users of its legitimacy.

Trying to avoid antivirus countermeasures seems to be quite the fad, as in third place there's a trojan that serves only one purpose: to prevent BitDefender from updating its virus signature database. It does this, quite simply, by modifying the infected machine's hosts file. Obviously, the trick only works on machines which don't have the BitDefender on-access scanner started.

'This just goes to show that it doesn't pay off to turn off your protection - not even for a little while,' commented Sorin Dudea for BitDefender.
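The hosts-file tampering described above can be checked for by parsing the file and flagging any entry that pins a security vendor's domain to a fixed address. The following is an added example, not code from BitDefender or the original article; the watched suffix, the helper names and the sample hosts entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: vendor domain suffixes to watch; the article lists no hostnames.
WATCHED_SUFFIXES = ("bitdefender.com",)

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed entry, skip it
        for name in fields[1:]:                   # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def find_overrides(text, suffixes=WATCHED_SUFFIXES):
    """Return hosts entries that pin a watched vendor domain to an address."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if any(name == s or name.endswith("." + s) for s in suffixes):
            # Loopback or 0.0.0.0 blackholes the name; anything else redirects it.
            blackholed = ip.is_loopback or ip.is_unspecified
            kind = "blocked" if blackholed else "redirected"
            hits.append((line_no, name, str(ip), kind))
    return hits

# Constructed sample hosts file (not taken from a real infection).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       upgrade.bitdefender.com   # constructed entry
0.0.0.0         www.BitDefender.com download.bitdefender.com
203.0.113.7     upgrade.bitdefender.com.
10.0.0.5        intranet.corp.example
127.0.0.1       notbitdefender.com
"""

if __name__ == "__main__":
    for hit in find_overrides(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % hit)
```

On Windows the file to read is normally `%SystemRoot%\System32\drivers\etc\hosts`; a legitimate hosts file has no reason to contain an antivirus vendor's update servers, so any hit is worth investigating.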

The NSAnti malware packer is still in the top ten, racking up percentage points due to the sheer number of malware authors who still use it in their attempts to deliver their creations.

In tenth position is a rather old exploit targeting a bug in the way that Microsoft Windows handles cursor and icon files. Although this vulnerability, which potentially could allow attackers remote access, has long since been patched, it seems that there's still a lot of malware that includes the exploit code 'just in case'.